Solved HackTool:Win32/Keygen

TimK

New Member
Joined
Apr 20, 2018
Messages
9
OS
Windows 10
Antivirus
Bitdefender
#1
Hi there, I'm having a lot of trouble ridding my system of this apparent infection.

Here's my history / symptoms:

- installed Bitdefender Free on my system
- used computer more or less OK a few months
- frequent notifications regarding on-access scan, item blocked, deleted etc
- "Gen:Variant.application.hackTool.38" from the C:\Windows\Temp folder
- Occasional computer restarts, blue screen, "your system restarted unexpectedly" etc
- Computer working very hard (CPU fan etc) with Google Chrome running, basically not doing much - suspicious

I then read some of the assistance articles on this site.

Following advice I downloaded Rkill, Malwarebytes, HitmanPro, Zemana and Emsisoft onto a USB key.

- restart computer in safe mode with networking
- run Rkill - all ok
- install and run Malwarebytes, HitmanPro - detection of about 26000 threats - quarantined
- restart in normal mode, installation and run of Zemana & Emsisoft - a few more detections and quarantines.
- Hoping all is well, back to using my computer for a few weeks
- Intermittent notifications from Bitdefender as before - "Gen:Variant.application.hackTool.38" from the C:\Windows\Temp folder
- Otherwise running reasonably
- repeated advice and programs listed above - deleted a few thousand threats, but less than last time

Did some more research on this site

- Ran the same programs as above, plus Malwarebytes ADWCleaner, plus CCleaner, plus uninstalled Chrome........
- Cleaned a few of the same files as before - a few thousand.
- Restarted computer.........
- frequent notifications regarding on-access scan, item blocked, deleted etc
- "Gen:Variant.application.hackTool.38" from the C:\Windows\Temp folder
- AAAAARRRRGGGGhhhhh!!!!!!! - I'm getting nowhere!!

Any helpful advice will be very gratefully received!! Thanks in advance.
 
Operating System
Windows 10
Are you using a 32-bit or 64-bit operating system?
64-bit (x64)
Infection date and initial symptoms
December 2017
Current issues and symptoms
- frequent notifications regarding on-access scan, item blocked, deleted etc

- "Gen:Variant.application.hackTool.38" from the C:\Windows\Temp folder

- Occasional computer restarts, blue screen, "your system restarted unexpectedly" etc
Steps taken in order to remove the infection
- restart computer in safe mode with networking

- run Rkill - all ok

- install and run Malwarebytes, HitmanPro - detection of about 26000 threats - quarantined

- restart in normal mode, installation and run of Zemana & Emsisoft - a few more detections and quarantines.
Logs added to Help Request
FRST.txt, Addition.txt, I've also uploaded logs from other scans that I've performed


TimK

#3
Hi there,

Thanks very much - where do I address the upload to?
 

TwinHeadedEagle

Removal Expert
MalwareTips Staff
Joined
Mar 8, 2013
Messages
22,275
OS
Windows 10
Antivirus
ESET
#6
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach the reports to your next reply.
 

TimK

#9
Thanks for your efforts, I'll check again tonight.

Usually I will run a series of scans, elements will be found and removed by each of the tools until by the end nothing is coming up and all appears clean. Then a day or 2 later I will start seeing the same "HackTool:Win32/Keygen" type detections, deletions etc by Bitdefender. When I then get around to re-running scans by other tools a few days later, a few hundred or thousand elements are found/quarantined etc, usually from the windows/temp folder - i.e., I seem to be going around in circles - something appears to remain and let stuff through.

Again, maybe with the tools and latest scans I've done, something may have changed. So I'll run tests again and get back.

Cheers
 

TimK

#14
How are the temporary files getting there in the first place?
 

TimK

#16
Hi there,
Sorry for the slow reply.
No, nothing appears to be working in the background.
Otherwise - good news - nothing has turned up for nearly a week now! Perhaps one of your last suggestions nailed it.
I'll keep you posted if (hopefully not) anything shows up again.
Once more - thanks very much for your help, a lifesaver.

cheers